From 6571af05b7574f6d752890301b9743b1243a05bd Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 11 Oct 2011 16:02:54 +0000
Subject: MOA-ID: * Fixed Bug #557 * Update Konfiguration: Target via Konfig
 fix konfigurierbar * Update Doku Common: * DOMUtils: Parser disabled external
 entities

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1219 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  |  14 ++++++-
 .../schemas/MOA-ID-Configuration-1.5.1.xsd         |   3 +-
 id/history.txt                                     |   6 ++-
 id/server/auth/src/main/webapp/iframeHandyBKU.html |   6 +--
 .../auth/src/main/webapp/iframeOnlineBKU.html      |  11 ++---
 id/server/auth/src/main/webapp/index.html          |  14 ++-----
 id/server/doc/MOA-ID-Configuration-1.5.1.xsd       |   3 +-
 id/server/doc/MOA_ID_1.5_Anhang.pdf                | Bin 0 -> 70517 bytes
 id/server/doc/moa_id/id-admin_2.htm                |   5 ++-
 id/server/doc/moa_id/moa.htm                       |   5 +--
 .../moa/id/auth/AuthenticationServer.java          |  16 ++++++--
 .../AuthenticationBlockAssertionBuilder.java       |  11 ++++-
 .../moa/id/auth/data/AuthenticationSession.java    |  40 ++++++++++++++++++
 .../auth/parser/IdentityLinkAssertionParser.java   |  14 +++++--
 .../moa/id/auth/servlet/SelectBKUServlet.java      |  33 +++++++++++++--
 .../auth/servlet/StartAuthenticationServlet.java   |  45 ++++++++++++---------
 .../CreateXMLSignatureResponseValidator.java       |  18 +++++++--
 .../moa/id/config/ConfigurationBuilder.java        |  23 ++++++++++-
 .../gv/egovernment/moa/id/config/OAParameter.java  |  40 ++++++++++++++++++
 .../test/abnahme/A/Test100StartAuthentication.java |  12 ++++--
 .../test/java/test/abnahme/AbnahmeTestCase.java    |   1 +
 .../moa/id/auth/AuthenticationServerTest.java      |   2 +-
 .../AuthenticationBlockAssertionBuilderTest.java   |   2 +-
 pom.xml                                            |   2 +-
 24 files changed, 252 insertions(+), 74 deletions(-)
 create mode 100644 id/server/doc/MOA_ID_1.5_Anhang.pdf

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 5fa31336b..13c2809ac 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -110,6 +110,16 @@ public class DOMUtils {
    * without a namespace. */
   private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY =
     "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation";
+  
+  private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE =
+  	"http://xml.org/sax/features/external-general-entities";
+  
+  private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
+	  "http://xml.org/sax/features/external-parameter-entities";
+  
+  
+  
+  
   /** Property URI for the Xerces grammar pool. */
   private static final String GRAMMAR_POOL =
     org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
@@ -234,8 +244,8 @@ public class DOMUtils {
 	    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
 	    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
 	    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
-	    //parser.setFeature("http://xml.org/sax/features/external-general-entities", false);
-	    //parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
 	
 	    if (validating) {
 	      if (externalSchemaLocations != null) {
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
index f8c38bdd3..cc562187a 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->
 <xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
 	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
 	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
@@ -137,6 +136,8 @@
 								</xsd:attribute>
 								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
 								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+								<xsd:attribute name="target" type="xsd:string" use="optional"/>
+								<xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/>
 							</xsd:extension>
 						</xsd:complexContent>
 					</xsd:complexType>
diff --git a/id/history.txt b/id/history.txt
index 8d88f1bb1..6a5e363f7 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -8,10 +8,12 @@ History MOA-ID:
 Version MOA-ID 1.5.1: Änderungen seit Version MOA-ID 1.5.0:
 
 - Fixed Bug #556 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=556&group_id=6&atid=105) 
-- Fixed Bug @TODO Apostroph
+- Fixed Bug #557 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=557&group_id=6&atid=105)
 - Update Einbindung Online-Vollmachten (Vor Auswahl der Vollmacht werden die Signaturdaten signiert)
 - Update Transformationen (für Online-Vollmachten)
-- Änderung der Konfiguration für Online-Vollmachten
+- Änderung der Konfiguration 
+	- für Online-Vollmachten
+	- Fixer Target-Parameter für Online-Applikation konfigurierbar
 
 
 =====
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index a7e541b85..f07b73265 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -8,13 +8,11 @@
     	<script type="text/javascript">
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
            	// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
-			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
-			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
 				
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
 			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
-			//var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
-			var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
+			var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
 				
 				
 			window.onload=function() {
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
index 60f44ace9..4873245be 100644
--- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -8,19 +8,16 @@
 	    <script type="text/javascript">
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
             // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
-			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
-			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
 			
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
 			// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
-			//var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
-			var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
-
+			var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+			
 			// [MUSS] Geben Sie hier die URL zur Online BKU an
 			// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
 			// Hinweis: Diese URL muss auch bei den vertrauenswürdigen BKUs in der MOA-ID Konfiguration angegeben werden (siehe Element MOA-IDConfiguration/TrustedBKUs/BKUURL)
-			//var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
-			var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
+			var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
 				
 			window.onload=function() {
 				document.getElementById('moaidform').action = MOA_ID_STARTAUTHENTICATION;
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index d78f01f2a..6e60ae433 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -11,13 +11,11 @@
         <script type="text/javascript">
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
             // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
-			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
-			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
 			
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
             // z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
-			//var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
-			var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
+			var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
 			
 			
 			window.onload=function() {
@@ -137,12 +135,8 @@
 
                     <div id="localBKU" style="display:none" class="hell">
                         <hr>
-                        <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
-                        <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at"-->
                         <form method="post" id="moaidform">
                             <input type="hidden" name="show" value="false"> 
-							<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an -->
-                            <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_localBKU.html"-->
                             <input type="hidden" name="Template" id="Template">
                             <input type="hidden" name="bkuURI" value="https://localhost:3496/https-security-layer-request">
                             <input type="hidden" name="useMandate" id="useMandate"> 
@@ -178,10 +172,10 @@
 
                 <div id="rightcontent">
                     <p>
-                        <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren" width="210"></a>                    
+                        <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren"></a>                    
                     </p>
                     <p>
-                        <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Mobile Signatur aktivieren" width="210"></a>                    
+                        <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Handy Signatur aktivieren"></a>                    
                     </p>                   
                 </div>
 
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
index f8c38bdd3..cc562187a 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->
 <xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
 	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
 	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
@@ -137,6 +136,8 @@
 								</xsd:attribute>
 								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
 								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+								<xsd:attribute name="target" type="xsd:string" use="optional"/>
+								<xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/>
 							</xsd:extension>
 						</xsd:complexContent>
 					</xsd:complexType>
diff --git a/id/server/doc/MOA_ID_1.5_Anhang.pdf b/id/server/doc/MOA_ID_1.5_Anhang.pdf
new file mode 100644
index 000000000..454ff933a
Binary files /dev/null and b/id/server/doc/MOA_ID_1.5_Anhang.pdf differ
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 12f71808d..ea4874edd 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -574,8 +574,9 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
                           <p>Mit dem Attribut <tt>OnlineApplication/@friendlyName</tt> kann eine benutzerfreundlicher Name f&uuml;r die Online-Applikation angegeben werden. Dieser Name scheint beim Login des Benutzer auf.</p>
                           <p>Das Attribut <tt>OnlineApplication/@keyBoxIdentifier</tt> gibt das Schl&uuml;sselpaar an, welches von der B&uuml;rgerkartenumgebung
                             zum Signieren des Auth Blocks verwendet wird. M&ouml;gliche
-                            Werte: <tt>CertifiedKeypair </tt>sowie<tt> SecureSignatureKeypair.<br>
-                            </tt><br />
+                            Werte: <tt>CertifiedKeypair </tt>sowie<tt> SecureSignatureKeypair.</tt></p>
+                          <p>Das Attribut <tt>OnlineApplication/@target</tt> gibt einen konkreten Gesch&auml;ftsbereich f&uuml;r eine Online-Applikation vor. D.h. es wird der Target-Parameter aus dem Request mit diesem Wert &uuml;berschrieben. Zus&auml;tzlich kann noch ein benutzerfreundlicher Name mittels des Attributs <tt>OnlineApplication/@targetFriendlyName</tt> f&uuml;r den Gesch&auml;ftsbereich angegeben werden. Beide Attribute k&ouml;nnen nur bei einer Online-Applikation f&uuml;r den &ouml;ffentlichen Bereich angegeben werden.<br>
+                          </tt><br />
                             Das Element <tt>OnlineApplication</tt> hat optional
                             zwei Kind-Elemente: <tt>AuthComponent</tt> und <tt>ProxyComponent</tt>.                          </p>
 <div id="OnlineApplication/AuthComponent" />
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index b3633736e..94f4a35ea 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -114,7 +114,7 @@ Diese beiden Komponenten k&ouml;nnen auf unterschiedlichen Rechnern
 oder auf dem gleichen Rechner eingesetzt werden.
 <br /><br />
 Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu MOA-ID ist in der
-<a href="../MOA_ID_1.4_20070802.pdf" target="_new">Spezifikation</a> bzw. im <a href="../MOA_ID_1.4_Anhang.pdf" target="_new">Anhang zur Spezifikation</a> detailliert beschrieben.
+<a href="../MOA_ID_1.4_20070802.pdf" target="_new">Spezifikation</a> bzw. im <a href="../MOA_ID_1.5_Anhang.pdf" target="_new">Anhang zur Spezifikation</a> detailliert beschrieben.
 <br />
 <br />
 F&uuml;r den Betrieb von MOA-ID ist der Einsatz von MOA-Signaturpr&uuml;fung (MOA-SP) erforderlich.
@@ -130,8 +130,7 @@ F&uuml;r den Betrieb von MOA-ID ist der Einsatz von MOA-Signaturpr&uuml;fung (MO
 
 <tr>
 <td valign="top" width="30">1</td>
-<td id="block">Der Benutzer verbindet sich zu einem Web-Portal, &uuml;ber das die verf&uuml;gbaren Online-Applikationen (OA) erreichbar
-sind.  Jeder Link zu einer OA verweist auf die Authentisierungs-komponente.
+<td id="block">Der Benutzer verbindet sich zu einem Web-Portal, &uuml;ber das die verf&uuml;gbaren Online-Applikationen (OA) erreichbar sind.  Jeder Link zu einer OA verweist auf die Authentisierungs-komponente.
 </td>
 </tr>
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 9e15e04dd..27a2f3050 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,11 +24,15 @@
 
 package at.gv.egovernment.moa.id.auth;
 
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
 import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
 import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
@@ -90,7 +94,6 @@ import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidat
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -114,6 +117,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
+
 /**
  * API for MOA ID Authentication Service.<br>
  * {@link AuthenticationSession} is stored in a session store and retrieved
@@ -295,6 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * </ul>
    * @param authURL URL of the servlet to be used as data URL
    * @param target "Gesch&auml;ftsbereich" of the online application requested
+   * @param targetFriendlyName Friendly name of the target if the target is configured via configuration
    * @param oaURL online application URL requested
    * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used; 
    *                may be <code>null</code>; in this case, the default location will be used
@@ -310,6 +315,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
   public String startAuthentication(
     String authURL,
     String target,
+    String targetFriendlyName,
     String oaURL,
     String templateURL,
     String bkuURL,
@@ -343,15 +349,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
       if (oaParam == null)
         throw new AuthenticationException("auth.00", new Object[] { oaURL });
-      if (!oaParam.getBusinessService()) {
+      if (!oaParam.getBusinessService()) {    	  
         if (isEmpty(target))
           throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
       } else {
         target = null;
+        targetFriendlyName = null;
       }
       session = newSession();
       Logger.info("MOASession " + session.getSessionID() + " angelegt");
       session.setTarget(target);
+      session.setTargetFriendlyName(targetFriendlyName);
       session.setOAURLRequested(oaURL);
       session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
       session.setAuthURL(authURL);
@@ -509,7 +517,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 //		e.printStackTrace();
 //	}
 //    
-	
+ 	
     
  // parses the <InfoboxReadResponse>
     IdentityLink identityLink =
@@ -845,6 +853,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     session.setIssueInstant(issueInstant);
     String authURL = session.getAuthURL();
     String target = session.getTarget();
+    String targetFriendlyName = session.getTargetFriendlyName();
     //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
     //String oaURL = session.getPublicOAURLPrefix();
     String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
@@ -854,6 +863,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       issueInstant, 
       authURL, 
       target,
+      targetFriendlyName,
       identificationValue,
       identificationType,
       oaURL, 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 35c4244c6..db70a6111 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -150,6 +150,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
     String issueInstant, 
     String authURL, 
     String target,
+    String targetFriendlyName,
     String identityLinkValue, 
     String identityLinkType,
     String oaURL, 
@@ -192,7 +193,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
       }
     } else {
       // OA is a govermental application
-      String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);      
+      String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+      if (StringUtils.isEmpty(sectorName)) {
+    	  if (targetFriendlyName != null)
+    		  sectorName = targetFriendlyName; 
+      }
+      
+      System.out.println("targetFriendlyName: " + targetFriendlyName);
+      System.out.println("sectorName: " + sectorName);
+    	  
       //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
       gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
       
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 61e4cd28b..e13379bda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -60,6 +60,14 @@ public class AuthenticationSession {
    * if the online application is a business application
 	 */
 	private String target;
+	/**
+	 * Friendly name for the target, if target is configured via MOA-ID configuration
+	 */
+	private String targetFriendlyName;
+	/**
+	 * Indicates if target from configuration is used or not
+	 */
+	private boolean useTargetFromConfig;
 	/**
 	 * public online application URL requested
 	 */
@@ -277,6 +285,14 @@ public class AuthenticationSession {
   public String getTarget() {
     return target;
   }
+  
+  /**
+   * Returns the target friendly name.
+   * @return String
+   */
+  public String getTargetFriendlyName() {
+    return targetFriendlyName;
+  }
 
   /**
    * Sets the oaURLRequested.
@@ -318,6 +334,13 @@ public class AuthenticationSession {
       this.target = target;
     }
   }
+  /**
+   * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
+   * @param target The target to set
+   */
+  public void setTargetFriendlyName(String targetFriendlyName) {
+     this.targetFriendlyName = targetFriendlyName;    
+  }
 
   /**
    * Returns the authURL.
@@ -641,6 +664,23 @@ public class AuthenticationSession {
 	  return this.useMandate;
   }
   
+  /**
+   * 
+   * @param useTargetFromConfig indicates if target from config is used or not
+   */
+  public void setUseTargetFromConfig(boolean useTargetFromConfig) {
+	  this.useTargetFromConfig = useTargetFromConfig;
+	  
+  }
+  
+  /**
+   * Returns if target is used from mandate or not
+   * @return
+   */
+  public boolean getUseTargetFromConfig() {
+	  return this.useTargetFromConfig;
+  }
+  
   /**
    * 
    * @param misSessionID indicates the MIS session ID
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index da787fe3f..2e20f483c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -246,10 +246,16 @@ public class IdentityLinkAssertionParser {
         XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, ""));
 			identityLink.setIdentificationType(
 				XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, ""));
-      identityLink.setGivenName(
-        XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""));
-      identityLink.setFamilyName(
-        XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""));
+			
+	  String givenname = XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "");
+	  String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "");
+
+	  // replace ' in name with &#39;
+	  givenname = givenname.replace("'", "&#39;");
+	  familyname = familyname.replace("'", "&#39;");			
+		
+      identityLink.setGivenName(givenname);
+      identityLink.setFamilyName(familyname);
       identityLink.setDateOfBirth(
         XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, ""));
 			 NodeIterator dsigRefTransforms = 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index dc1cee3b2..dd8a3144a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -35,14 +35,17 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
 
 /**
  * Servlet requested for selecting a BKU.
@@ -114,8 +117,6 @@ public class SelectBKUServlet extends AuthServlet {
     try {
        
        // check parameter
-       if (!ParamValidatorUtils.isValidTarget(target))
-          throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
        if (!ParamValidatorUtils.isValidOA(oaURL))
           throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
        if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
@@ -123,9 +124,33 @@ public class SelectBKUServlet extends AuthServlet {
        if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
            throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
 
+       if (!ParamValidatorUtils.isValidTarget(target))
+           throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
+        
+       OAAuthParameter oaParam =
+	          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+	        if (oaParam == null)
+	          throw new AuthenticationException("auth.00", new Object[] { oaURL });
+
+	    // get target and target friendly name from config
+	    String targetConfig = oaParam.getTarget();
+       
+	    String returnValue = null;
+	    if (StringUtils.isEmpty(targetConfig)) {
+	    	// no target attribut is given in OA config
+	    	// target is used from request
+	    	// check parameter
+	    	if (!ParamValidatorUtils.isValidTarget(target))
+	    		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+	    	
+	    	returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+	    }
+	    else {
+	    	// use target from config
+	    	returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
+	    }
        
-      String returnValue = AuthenticationServer.getInstance().selectBKU(
-        authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+      
       String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
       if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
         // bkuSelectionType==HTMLComplete
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 0eed89655..ca3883dad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -24,14 +24,9 @@
 
 package at.gv.egovernment.moa.id.auth.servlet;
 
-import iaik.pki.PKIException;
-
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.security.GeneralSecurityException;
-import java.util.List;
 
-import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -39,19 +34,17 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
 
 /**
  * Servlet requested for starting a MOA ID authentication session.
@@ -109,9 +102,7 @@ public class StartAuthenticationServlet extends AuthServlet {
  	
     	try {
 		      // check parameter
-		    if (!ParamValidatorUtils.isValidTarget(target))
-		       throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
-		    if (!ParamValidatorUtils.isValidOA(oaURL))
+    		if (!ParamValidatorUtils.isValidOA(oaURL))
              throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
 		    if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
 		       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
@@ -122,12 +113,30 @@ public class StartAuthenticationServlet extends AuthServlet {
 		    if (!ParamValidatorUtils.isValidUseMandate(useMandate))
 	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
 		    
+		    OAAuthParameter oaParam =
+		          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+		        if (oaParam == null)
+		          throw new AuthenticationException("auth.00", new Object[] { oaURL });
+
+		    // get target and target friendly name from config
+		    String targetConfig = oaParam.getTarget();
+		    String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
 		    
-		    
-		    
-			String getIdentityLinkForm =
-				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
-		
+		    String getIdentityLinkForm = null;
+		    if (StringUtils.isEmpty(targetConfig)) {
+		    	// no target attribut is given in OA config
+		    	// target is used from request
+		    	// check parameter
+		    	if (!ParamValidatorUtils.isValidTarget(target))
+		    		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+		    	
+		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+		    }
+		    else {
+		    	// use target from config			    	
+		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+		    }
+
 			resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
 			out.print(getIdentityLinkForm);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index f6127eb12..d49d038fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -96,12 +96,16 @@ public class CreateXMLSignatureResponseValidator {
       // should not happen, because parser would dedect this
       throw new ValidateException("validator.32", null);
     }
+    // replace ' in name with &#39;
+    issuer = issuer.replace("'", "&#39;");
+    
     String issueInstant = samlAssertion.getAttribute("IssueInstant");
     if (!issueInstant.equals(session.getIssueInstant())) {
       throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()});
     }
     
     String name = identityLink.getName();
+    
     if (!issuer.equals(name)) {
       throw new ValidateException("validator.33", new Object[] {issuer, name});
     }     
@@ -174,10 +178,16 @@ public class CreateXMLSignatureResponseValidator {
           }
         }
         if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
-          foundGB = true;             
-          //BZ..         
-          gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")";
-          //..BZ
+          foundGB = true;
+          String targetFriendlyName = session.getTargetFriendlyName();
+          String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget);
+          if (StringUtils.isEmpty(sectorName)) {
+        	  if (targetFriendlyName != null)
+        		  sectorName = targetFriendlyName; 
+          }
+          gbTarget = gbTarget + " (" + sectorName + ")";
+          //gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")";
+          System.out.println("Validate: " + gbTarget + " - " + samlAttribute.getValue());
           if (!gbTarget.equals((String)samlAttribute.getValue())) {
             throw new ValidateException("validator.13", null); 
           }             
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index bdd0c3294..d81435f83 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -504,6 +504,8 @@ public class ConfigurationBuilder {
       oap.setPublicURLPrefix(publicURLPrefix);
       oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
       oap.setFriendlyName(oAElem.getAttribute("friendlyName"));
+      String targetConfig = oAElem.getAttribute("target"); 
+      String targetFriendlyNameConfig = oAElem.getAttribute("targetFriendlyName"); 
       
       // get the type of the online application
       String oaType = oAElem.getAttribute("type");
@@ -525,6 +527,17 @@ public class ConfigurationBuilder {
           Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
           throw new ConfigurationException("config.02", null);
         }
+
+        if (!StringUtils.isEmpty(targetConfig)) {
+        	Logger.error("Target attribute can not be set for OA of type \"businessService\"");
+        	throw new ConfigurationException("config.02", null);
+        }
+        if (!StringUtils.isEmpty(targetFriendlyNameConfig)) {
+        	Logger.error("Target friendly name attribute can not be set for OA of type \"businessService\"");
+        	throw new ConfigurationException("config.02", null);
+        }
+        
+        	
         if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
          oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
          //BZ.., setting type of IdLinkDomainIdentifier
@@ -542,11 +555,19 @@ public class ConfigurationBuilder {
         slVersion = "1.2";
         
       } else {
-        
+          
+    	  if (StringUtils.isEmpty(targetConfig) && !StringUtils.isEmpty(targetFriendlyNameConfig)) {
+    		  Logger.error("Target friendly name attribute can not be set alone for OA of type \"businessService\"");
+    		  throw new ConfigurationException("config.02", null);
+    	  }
+    	  oap.setTarget(targetConfig);
+    	  oap.setTargetFriendlyName(targetFriendlyNameConfig);
+    	  
         if (authComponent!=null) {
           slVersion = authComponent.getAttribute("slVersion");
         }
         
+        
       }
       oap.setSlVersion(slVersion);
       //Check if there is an Auth-Block to read from configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 0c747b29f..56c97a802 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -54,6 +54,15 @@ public class OAParameter {
    */
   private String friendlyName;
   
+  /**
+   * specified a specific target for the Online Application (overwrites the target in der request)
+   */
+  private String target;
+  /**
+   * specifies a friendly name for the target
+   */
+  private String targetFriendlyName;
+  
   /**
    * Returns the type of the online application.
    * @return the type of the online application.
@@ -119,6 +128,37 @@ public class OAParameter {
       this.friendlyName = friendlyName;
    }
   
+   /**
+    * Gets the target of the OA
+    * @return target of the OA
+    */
+    public String getTarget() {
+       return target;
+    }
+    
+    /**
+     * Sets the target of the OA
+     * @param target
+     */
+    public void setTarget(String target) {
+       this.target = target;
+    }
   
+    /**
+     * Gets the target friendly name of the OA
+     * @return target Friendly Name of the OA
+     */
+     public String getTargetFriendlyName() {
+        return targetFriendlyName;
+     }
+     
+     /**
+      * Sets the target friendly name of the OA
+      * @param targetFriendlyName
+      */
+     public void setTargetFriendlyName(String targetFriendlyName) {
+        this.targetFriendlyName = targetFriendlyName;
+     }
+
 
 }
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index a1ba1b8fb..fcf7477c5 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -43,6 +43,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
     try {
       String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", //target
+        null,
         "http://localhost:9080/", //oaURL
         "file:" + findXmldata("AuthTemplate.html"), 
         "http://localhost:3495/http-security-layer-request",
@@ -62,6 +63,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
     try {
       String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", //target
+        null,
         "http://localhost:9080/", //oaURL
         null, 
         "http://localhost:3495/http-security-layer-request", null, null, null);
@@ -80,6 +82,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
     try {
       String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", //target
+        null,
         "http://localhost:9080/", //oaURL
         "file:" + findXmldata("AuthTemplate.html"), 
          null,
@@ -101,6 +104,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication(null, //authURL
         "gb", //target
+        null,
         "http://localhost:9080/", //oaURL
         null, null, null, null, null);
         //assertEquals("",htmlForm);  
@@ -121,7 +125,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
     try {
       try {
         server.startAuthentication("http://localhost:8080/auth", //authURL
-        "gb", "http://localhost:9080/", //oaURL
+        "gb", null, "http://localhost:9080/", //oaURL
         null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -139,7 +143,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
     try {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
-        "gb", "http://host_not_in_config/", //oaURL
+        "gb", null, "http://host_not_in_config/", //oaURL
         null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -158,7 +162,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
     try {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
-        "gb", null, //oaURL
+        "gb", null, null, //oaURL
         null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -177,7 +181,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
     try {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
-        null, "http://localhost:9080/", //oaURL
+        null, null, "http://localhost:9080/", //oaURL
         null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 636d301bb..69f33f82c 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -136,6 +136,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
     String htmlForm = AuthenticationServer.getInstance().startAuthentication(
       "https://localhost:8443/auth",
       "gb",
+      null,
       oaURL,
       null,
       null,
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index 31c09bb01..052c1fed4 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -54,7 +54,7 @@ public class AuthenticationServerTest extends UnitTestCase {
   public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
   	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
   	AuthenticationServer server = AuthenticationServer.getInstance();
-  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null, null);
+  	String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null);
   	String sessionID = parseSessionIDFromForm(htmlForm);
   	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
     HashMap parameters = new HashMap(1);
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
index e79394a28..d369c39bd 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
@@ -63,7 +63,7 @@ public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase {
 
 	public void testBuild() throws Exception {
 		AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder();
-		String assertionBuilt = builder.buildAuthBlock(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, "", "", OA_URL, GEB_DAT, null, null);
+		String assertionBuilt = builder.buildAuthBlock(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, null,  "", "", OA_URL, GEB_DAT, null, null);
 		assertionBuilt = XML_DECL + assertionBuilt;
 		String assertionShould = XML_DECL + ASSERTION_SHOULD;
 		assertXmlEquals(assertionShould, assertionBuilt);
diff --git a/pom.xml b/pom.xml
index e89c83833..c996bc23e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -97,7 +97,7 @@
             <dependency>
                 <groupId>axis</groupId>
                 <artifactId>axis</artifactId>
-                <version>1.0_IAIK</version>
+                <version>1.0_IAIK</version>                
                 <scope>compile</scope>
             </dependency>
             <dependency>
-- 
cgit v1.2.3